From 286a935a598149003cc8ce7089659083599844a0 Mon Sep 17 00:00:00 2001
From: ryan <ryan@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Thu, 1 Jun 2006 16:59:55 +0000
Subject: [PATCH] Comment nonce fixes from Mark Jaquith and mdawaffe. fixes
 #2760

git-svn-id: http://svn.automattic.com/wordpress/trunk@3827 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/comment.php           | 6 ++++--
 wp-admin/edit-form-comment.php | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/wp-admin/comment.php b/wp-admin/comment.php
index 55f4c9e2b..c0c96ec3d 100644
--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@@ -184,7 +184,9 @@ case 'approvecomment':
 
 case 'editedcomment':
 
-	check_admin_referer('update-comment');
+	$comment_id = (int) $_POST['comment_ID'];
+
+	check_admin_referer('update-comment_' . $comment_id);
 
 	edit_comment();
 
@@ -192,7 +194,7 @@ case 'editedcomment':
 	if (!empty($referredby)) {
 		header('Location: ' . $referredby);
 	} else {
-		header ("Location: edit.php?p=$comment_post_ID&c=1#comments");
+		header ("Location: edit.php?p=$comment_id&c=1#comments");
 	}
 
 	break;
diff --git a/wp-admin/edit-form-comment.php b/wp-admin/edit-form-comment.php
index 5b28966cf..1f23cef70 100644
--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@@ -6,7 +6,7 @@ $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment-
 ?>
 
 <form name="post" action="comment.php" method="post" id="post">
-<?php wp_nonce_field('update-comment' . $comment->comment_ID) ?>
+<?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
 <div class="wrap">
 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
 <input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />